At 14:23 -0400 8/20/08, Andrew Sullivan wrote:
>> Is there anything that conclusively talks about DNSSEC and split DNS? Is
>> there also a good comprehensive resource for DNSSEC?
I wish there was.
>There was an Internet-Draft (in dnsop, I think) that was about
>split-view DNS and DNSSEC. It had some useful remarks in it,
>although I thought it needed a lot of work (and had a bunch of stuff
>that needed to be broken out of it). It's at
>http://tools.ietf.org/html/draft-krishnaswamy-dnsop-dnssec-split-view-04.
No one bothered to contribute to the effort, so it languished.
The one problem with DNSSEC and split-DNS that has not been solved is
"how does one deploy DNSSEC on the outside and not on the inside?"
(A topic for another thread.)
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis +1-571-434-5468
NeuStar
Never confuse activity with progress. Activity pays more.